Memory addresses












-3














I am workin on Overthewire narnia2(ctf game).
Currently I am learning how to use the gdb and I have a simple question. 



    (gdb) x/200x $esp-0xac

0xffffd5a4: 0x08048534  0xffffd5c8  0xf7e5b7d0  0xffffd5c8

0xffffd5b4: 0xf7ffd920  0xf7e5b7d5  0x08048494  0x08048534

0xffffd5c4: 0xffffd5c8  0x6850c031  0x68732f2f  0x69622f68

0xffffd5d4: 0x50e3896e  0x89e18953  0xcd0bb0c2  0x41414180

0xffffd5e4: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd5f4: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd604: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd614: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd624: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd634: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd644: 0x41414141  0x62626262  0xf7e2a200  0x00000002

0xffffd654: 0xffffd6e4  0xffffd6f0  0x00000000  0x00000000

0xffffd664: 0x00000000  0xf7fc5000  0xf7ffdc0c  0xf7ffd000

0xffffd674: 0x00000000  0x00000002  0xf7fc5000  0x00000000

0xffffd684: 0x59e07c0a  0x6308501a  0x00000000  0x00000000







    (gdb) x/200x $esp



0xffffd7a0: 0x000036b2  0x0000000e  0x000036b2  0x00000017

0xffffd7b0: 0x00000001  0x00000019  0xffffd7eb  0x0000001a

0xffffd7c0: 0x00000000  0x0000001f  0xffffdfe8  0x0000000f

0xffffd7d0: 0xffffd7fb  0x00000000  0x00000000  0x00000000

0xffffd7e0: 0x00000000  0x00000000  0x8b000000  0xb1cfbc04

0xffffd7f0: 0x91563e77  0xcb1ff506  0x6957e20c  0x00363836

0xffffd800: 0x00000000  0x00000000  0x00000000  0x72616e2f

0xffffd810: 0x2f61696e  0x6e72616e  0x00326169  0x41414141

0xffffd820: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd830: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd840: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd850: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd860: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd870: 0x41414141  0x41414141  0x41414141  0x41414141

0xffffd880: 0x41414141  0x31414141  0x2f6850c0  0x6868732f

0xffffd890: 0x6e69622f  0x5350e389  0xc289e189  0x80cd0bb0


what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
what is the most used and why?






c debugging gdb buffer-overflow







share|improve this question





























    -3














    I am workin on Overthewire narnia2(ctf game).
    Currently I am learning how to use the gdb and I have a simple question. 



        (gdb) x/200x $esp-0xac
    
0xffffd5a4: 0x08048534  0xffffd5c8  0xf7e5b7d0  0xffffd5c8
    
0xffffd5b4: 0xf7ffd920  0xf7e5b7d5  0x08048494  0x08048534
    
0xffffd5c4: 0xffffd5c8  0x6850c031  0x68732f2f  0x69622f68
    
0xffffd5d4: 0x50e3896e  0x89e18953  0xcd0bb0c2  0x41414180
    
0xffffd5e4: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd5f4: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd604: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd614: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd624: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd634: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd644: 0x41414141  0x62626262  0xf7e2a200  0x00000002
    
0xffffd654: 0xffffd6e4  0xffffd6f0  0x00000000  0x00000000
    
0xffffd664: 0x00000000  0xf7fc5000  0xf7ffdc0c  0xf7ffd000
    
0xffffd674: 0x00000000  0x00000002  0xf7fc5000  0x00000000
    
0xffffd684: 0x59e07c0a  0x6308501a  0x00000000  0x00000000
    

    

    

    
    (gdb) x/200x $esp
    

    
0xffffd7a0: 0x000036b2  0x0000000e  0x000036b2  0x00000017
    
0xffffd7b0: 0x00000001  0x00000019  0xffffd7eb  0x0000001a
    
0xffffd7c0: 0x00000000  0x0000001f  0xffffdfe8  0x0000000f
    
0xffffd7d0: 0xffffd7fb  0x00000000  0x00000000  0x00000000
    
0xffffd7e0: 0x00000000  0x00000000  0x8b000000  0xb1cfbc04
    
0xffffd7f0: 0x91563e77  0xcb1ff506  0x6957e20c  0x00363836
    
0xffffd800: 0x00000000  0x00000000  0x00000000  0x72616e2f
    
0xffffd810: 0x2f61696e  0x6e72616e  0x00326169  0x41414141
    
0xffffd820: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd830: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd840: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd850: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd860: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd870: 0x41414141  0x41414141  0x41414141  0x41414141
    
0xffffd880: 0x41414141  0x31414141  0x2f6850c0  0x6868732f
    
0xffffd890: 0x6e69622f  0x5350e389  0xc289e189  0x80cd0bb0


    what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
    what is the most used and why?






    c debugging gdb buffer-overflow







    share|improve this question



























      -3












      -3








      -3







      I am workin on Overthewire narnia2(ctf game).
      Currently I am learning how to use the gdb and I have a simple question. 



          (gdb) x/200x $esp-0xac
      
0xffffd5a4: 0x08048534  0xffffd5c8  0xf7e5b7d0  0xffffd5c8
      
0xffffd5b4: 0xf7ffd920  0xf7e5b7d5  0x08048494  0x08048534
      
0xffffd5c4: 0xffffd5c8  0x6850c031  0x68732f2f  0x69622f68
      
0xffffd5d4: 0x50e3896e  0x89e18953  0xcd0bb0c2  0x41414180
      
0xffffd5e4: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd5f4: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd604: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd614: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd624: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd634: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd644: 0x41414141  0x62626262  0xf7e2a200  0x00000002
      
0xffffd654: 0xffffd6e4  0xffffd6f0  0x00000000  0x00000000
      
0xffffd664: 0x00000000  0xf7fc5000  0xf7ffdc0c  0xf7ffd000
      
0xffffd674: 0x00000000  0x00000002  0xf7fc5000  0x00000000
      
0xffffd684: 0x59e07c0a  0x6308501a  0x00000000  0x00000000
      

      

      

      
    (gdb) x/200x $esp
      

      
0xffffd7a0: 0x000036b2  0x0000000e  0x000036b2  0x00000017
      
0xffffd7b0: 0x00000001  0x00000019  0xffffd7eb  0x0000001a
      
0xffffd7c0: 0x00000000  0x0000001f  0xffffdfe8  0x0000000f
      
0xffffd7d0: 0xffffd7fb  0x00000000  0x00000000  0x00000000
      
0xffffd7e0: 0x00000000  0x00000000  0x8b000000  0xb1cfbc04
      
0xffffd7f0: 0x91563e77  0xcb1ff506  0x6957e20c  0x00363836
      
0xffffd800: 0x00000000  0x00000000  0x00000000  0x72616e2f
      
0xffffd810: 0x2f61696e  0x6e72616e  0x00326169  0x41414141
      
0xffffd820: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd830: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd840: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd850: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd860: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd870: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd880: 0x41414141  0x31414141  0x2f6850c0  0x6868732f
      
0xffffd890: 0x6e69622f  0x5350e389  0xc289e189  0x80cd0bb0


      what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
      what is the most used and why?






      c debugging gdb buffer-overflow







      share|improve this question















      I am workin on Overthewire narnia2(ctf game).
      Currently I am learning how to use the gdb and I have a simple question. 



          (gdb) x/200x $esp-0xac
      
0xffffd5a4: 0x08048534  0xffffd5c8  0xf7e5b7d0  0xffffd5c8
      
0xffffd5b4: 0xf7ffd920  0xf7e5b7d5  0x08048494  0x08048534
      
0xffffd5c4: 0xffffd5c8  0x6850c031  0x68732f2f  0x69622f68
      
0xffffd5d4: 0x50e3896e  0x89e18953  0xcd0bb0c2  0x41414180
      
0xffffd5e4: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd5f4: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd604: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd614: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd624: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd634: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd644: 0x41414141  0x62626262  0xf7e2a200  0x00000002
      
0xffffd654: 0xffffd6e4  0xffffd6f0  0x00000000  0x00000000
      
0xffffd664: 0x00000000  0xf7fc5000  0xf7ffdc0c  0xf7ffd000
      
0xffffd674: 0x00000000  0x00000002  0xf7fc5000  0x00000000
      
0xffffd684: 0x59e07c0a  0x6308501a  0x00000000  0x00000000
      

      

      

      
    (gdb) x/200x $esp
      

      
0xffffd7a0: 0x000036b2  0x0000000e  0x000036b2  0x00000017
      
0xffffd7b0: 0x00000001  0x00000019  0xffffd7eb  0x0000001a
      
0xffffd7c0: 0x00000000  0x0000001f  0xffffdfe8  0x0000000f
      
0xffffd7d0: 0xffffd7fb  0x00000000  0x00000000  0x00000000
      
0xffffd7e0: 0x00000000  0x00000000  0x8b000000  0xb1cfbc04
      
0xffffd7f0: 0x91563e77  0xcb1ff506  0x6957e20c  0x00363836
      
0xffffd800: 0x00000000  0x00000000  0x00000000  0x72616e2f
      
0xffffd810: 0x2f61696e  0x6e72616e  0x00326169  0x41414141
      
0xffffd820: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd830: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd840: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd850: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd860: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd870: 0x41414141  0x41414141  0x41414141  0x41414141
      
0xffffd880: 0x41414141  0x31414141  0x2f6850c0  0x6868732f
      
0xffffd890: 0x6e69622f  0x5350e389  0xc289e189  0x80cd0bb0


      what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
      what is the most used and why?






      c debugging gdb buffer-overflow




      c debugging gdb buffer-overflow






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 15 at 7:52









      Cœur

      17.4k9102143




      17.4k9102143










      asked Nov 23 at 0:26









      Joel alexis

      134




      134
























          1 Answer
          1






          active

          oldest

          votes


















          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53439365%2fmemory-addresses%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45
















          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45














          1












          1








          1







          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer













          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 23 at 5:11









          Employed Russian

          123k19164233




          123k19164233












          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45


















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45
















          Very helpful. Thank you very much for giving me this clarity.
          – Joel alexis
          Nov 24 at 21:45




          Very helpful. Thank you very much for giving me this clarity.
          – Joel alexis
          Nov 24 at 21:45


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53439365%2fmemory-addresses%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Contact image not getting when fetch all contact list from iPhone by CNContact

          Image
          up vote 0 down vote favorite I know this question already asked but not getting solution. From this code I will get all the information from the contact but image not found when open vcf files on mac os, also not getting when share this file. I use this stackoverflow link here but It's not help full. var contacts = [CNContact]() let keys = [CNContactVCardSerialization.descriptorForRequiredKeys() ] as [Any] let request = CNContactFetchRequest(keysToFetch: keys as! [CNKeyDescriptor]) do { try self.contactStore.enumerateContacts(with: request) { (contact, stop) in // Array containing all unified contacts from everywhere contacts.append(contact) } } catch { print("unable to fetch contacts") } do { let data = try
          Read more

          count number of partitions of a set with n elements into k subsets

          Image
          up vote 6 down vote favorite 1 This program is for count number of partitions of a set with n elements into k subsets I am confusing here return k*countP(n-1, k) + countP(n-1, k-1); can some one explain what is happening here? why we are multiplying with k? NOTE->I know this is not the best way to calculate number of partitions that would be DP // A C++ program to count number of partitions // of a set with n elements into k subsets #include<iostream> using namespace std; // Returns count of different partitions of n // elements in k subsets int countP(int n, int k) { // Base cases if (n == 0 || k == 0 || k > n) return 0; if (k == 1 || k == n) return 1; // S(n+1, k) = k*S(n, k) + S(n, k-1) return k*countP(n-1, k) + countP(n-1, k-1); } // Driver program int ma
          Read more

          A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

          Image
          0 I found a lot of questions abount appendices and ToC. Many users want appendices to be grouped in an Appendix part, however some problems arise with ToC, hyperref, PDF viewer bookmarks, and so on. There are different solutions which require extra packages, command patching and other extra code, however none of them satisfies me. I almost found an easy way to accomplish a good result, where appendices are added to bookmarks in the right way and hyperref links point to the right page. However, the number of the "Appendix" part page is wrong (it's the number of appendix A). Is there any EASY way to fix that? This is a MWE: documentclass{book} usepackage[nottoc,notlot,notlof]{tocbibind} usepackage{hyperref} begin{document} frontmatter tableofcontents mainmatter part{First} chapter{
          Read more